The Computer Corner Take II (#38) by Bill Kibler

To see more Computer Corner articles look here: CCII page, or check out the Home Page.

Linux 102 - extra help

Linux updates

It has been several years now since the Linux 101 article, and I have written many more Linux and Windows How-To reports since. I know that many comments about Windows this or that might seem pretty negative when in fact they were just very truthful. My recent QST article on keeping your XP hardware going with Linux drew lots of emails and many "very good" or "great - about time" responses from readers. In doing and working over all the recent articles, several "extra" concepts popped up that might help new users better understand what I mean and how Linux works. So let us start with my favorite statement: that Windows is not an operating system.

Windows not an OS

For many readers, saying that Windows is not an operating system will come across as just more Windows bashing. That is clearly not what I am doing, and I have very good and honest reasons for making such a statement. Consider the general idea that because Windows is not an operating system, the user skill level needed is in fact very low, which makes it possible for just about anyone to use it. In the same sense, that means the OS, if you will, behind smart phones and tablets is not an operating system either. Now it is true that all these devices have some form of an OS underneath what the user uses, and by some trick or special program it is possible to get access to that OS, but the average user will not do that and will not even consider doing it. So my starting point of OS or not, the first concept, is how restricted the user is in their overall ability to change how things work.

One minor point about Windows that has given me more than my share of problems is the Windows Admin user's limited ability to do everything. More than once, I have needed to tweak a Windows system this way or that, only to find that even Admin cannot do it. The result is typically a complete reinstall to fix the problem. Linux, however, uses the Unix style of permissions and as such gives the root user full ability to fix, remove, or destroy the system. It is assumed in the Unix world that the root user does in fact know what they are doing and as such should not be limited in any way. I think it makes the whole system cleaner and more modular doing it that way. For most people who know very little about computing, Windows' strong point is clearly making sure users do not shoot themselves in the foot, if you will. Using Unix/Linux means you really do need to learn something about how it works if you're going to keep things working properly.

Another topic that defines the difference between a real OS and not is simply how much "tweaking" you can do. In the case of Windows, typically about all you can adjust is the background color and maybe some fancy graphics. With a real and modular OS, just about everything is adjustable. Instead of just a background color change, how about changing how the whole desktop works? Need the OS to fit inside some embedded device like the Raspberry Pi? You're free to pick and choose just what you need. Custom live OSes to support a product? No problem. Need to build a kiosk that only allows users to browse the internet? Simply run a few scripts and some downloads and you're done. For me the use of plain text configuration files is very powerful and is one way to define a true OS - easy to configure.

I think it is important to understand that it is not the kernel that makes Linux a true OS, but the overall system and how it all goes together to provide the user with some set of abilities. Windows, smart phones, and tablets limit users' options to lower the skill level and make their products more appliance-like. Unix/Linux-like systems as a whole require some knowledge to operate, but have no limits of any kind on what the user can or cannot do. Since there are really no limits, it means there can be no limit to just how creative a person can be using these tools. We have seen the Raspberry Pi user community take off and explode with all sorts of creative endeavors due to the open nature of the product and the software that runs it - Linux.

Unix Like?

For most users, the term Unix might bring back college days, or represent some highly technical set of tools that big corporations use for their "business" needs. It is however an operating system reaching about 40 years of age. It has many licenses, patented ideas, copyrighted code bases, and numerous other features that help it run many of the world's companies and web sites. These restrictions, if you will, are what got Linus Torvalds to write the Linux kernel. Unix and Linux both, however, are not just a kernel, but consist of many tools, programs, and ideas that create the overall system we call an Operating System or OS. What Linus caused to happen is the ability to turn your small little computer into a full mini-mainframe, just like those that run big businesses.

I think this is one aspect of Linux that gets overlooked by many users and writers. Windows was an outgrowth of CP/M to MS-DOS, and into the Windows we know today. Linux's roots are in the mainframe world of corporate business. It brings along with it a long list of features most users will not know how to use, but that makes it the tool of choice for business users on a tight budget. Is this good for the average user? Until more recently I would have said no, but currently the skill set needed to use Linux has decreased dramatically and many first-time users are finding it meets their needs. For business users, never has there been a better time to switch.

I know that one of business's biggest problems with Windows has been the major changes from one version to the next. It seems like the only people happy about the changes are the training groups that can look forward to re-training the work force again. However, the Unix-based world has changed little for most of its history. The tool set developed way back when is pretty much the same set now in use. From a skills-learning standpoint, once you learn Unix/Linux, you're set for life. There are minor updates and feature changes for these systems, but rarely is there a major enough change that you would have to change the whole way you work. However, feel comfortable that should you need to re-think how you work, the modular approach will allow you to change it all or just a feature here or there. The choice will be yours now, without waiting for a new release that may or may not meet your needs.

10,000 chars and counting

I just did an update of this file, and it said I have over 10,000 characters. I could be doing this on a tablet or cell phone, but can you imagine typing 10,000 characters into an on-screen keyboard? I find the idea pretty hard to accept. Yet there are many people out there talking like that will be your only option soon. When Windows 8 came out, they had pretty much eliminated the idea of using a keyboard, going full tilt to touch screens for all your entry. As a writer and programmer, such options are impossible for me to consider. I found just setting up an 8.1 system, which brought back some of the old style tools, difficult at best.

What we are seeing to some extent is just differentiation of the market. The good point is that those with limited computer skills are getting more options and tools to help them out. What seems to be dropping by the wayside, if you will, are all the people whose tasks require old style keyboarding, direct access to file systems, and who are actually creating all these new "appliance" tools being demanded by non-computer users. I suspect two reasons why so many companies are still using XP: cost and training. XP works like a computer should and employees know how to use it. What more could you want, except continued support?

This is where Linux comes in: by being modular, it is possible to load drivers and tools that allow for accessing and using the old hardware. The lower layers, if you will, say the kernel and its modules, can be installed to match the older hardware. Once the lower layers are working for the old system, all the upper layers can automatically provide the new software programs, since the middle layer of tools and interfaces isolates the actual hardware from the programs, or, put another way, provides standard interfaces that all programs use, no matter what the lower level is set up for. User interfaces are all the same no matter what level of hardware you are using. New or old, you get the same set of programs and thus have the latest tools even on an old system.

This is exactly why Android works so well - the kernel provides the same set of tools no matter which vendor made the smart phone or tablet or what level of hardware it has. You get the same set of "apps" on every phone, whether a small, medium, or large system, thanks to the standard interface the kernel provides to the tools using it. That is the advantage of modular and open source software. Every vendor has access to the same set of basic tools to create utilities that everyone can use, no matter what vendor created the hardware system they are on.

Distro, Distro, Who has the Distro

A common question I get is, "Why so many Distros?" The version of Linux you might install is composed of a kernel, thousands of Unix-based utilities and applications, and tools to help install and use the specific version of the Distro you loaded. The typical install starts out with everything in "English", and if you're not an English reader, what do you do? Most installs have the change-language setup option on the third or fourth screen, but still, how do you know about it if you don't read English? I would say that about 20 to 30% of the available Distros are specialty Distros, and by that I mean they are designed for a specific group of people, such as those non-English readers. Within this group are organizations and universities that want a Distro that allows their members to get access to or use a specific set of tools. They often represent a special setup, where you might need a specific configuration that is too complex for the average user or student - think proxy servers, special VPN tools, things that you might not want every person to know about. There are many reasons for so many Distros, including how they get installed.

There are three types of Distros as it relates to how they install. I like Debian, as it installs by grouping packages, and as such you can install all the default packages, some, or very few. Ubuntu uses an image install, where the disk contains a single image that gets copied to your hard drive - basically all or nothing. Then there is Gentoo, which downloads source tarballs and compiles each and every program or tool you need to specifically match your hardware setup - ideal for maximum performance. There are lots of variations and minor alterations of those three options, but it gives you another reason for variations in the Distros. Take a specific-language Distro: it might be based on an install of Ubuntu where the creator simply loads an image of it on their system, configures everything for the special language, and exports a new image for their users. It is just an Ubuntu setup for one group. A new release is not needed if the changes made to the original Ubuntu release do not affect the language settings. You just use the normal update tools and they will continue with the proper language selection. Should the language tools be affected by a change, only then does a new release become necessary.

Distros are also grouped based on hardware platforms, as each hardware platform needs to have all the packages compiled for that type of hardware system. Distros built for x86 hardware will not run on systems using ARM-type CPUs. There are a number of Distros built for older UNIX systems, such as early SUN, HP-UX, DEC, and many more. These are hardware systems so old that the companies no longer support them and may themselves be gone. You might have some very old x86 hardware, say Win95 vintage, and there are versions just for that, since all the newer versions are going to 64-bit support.

I might mention that some of the distros are out there simply because the developer wanted to show that they can create releases. Some are there in hopes of helping new users get a better start. There is always someone wanting to get a business started by showing just what they can do. I created a live Distro as part of showing how easily a group like ARRL could create their own DVD to ship to members. I spent one weekend doing tutorials that were part of the live build tools. Those tutorials had me create several variations of live distros, and over the next few weeks I created more advanced variations that would display my company logo, start with a browser displaying a specific page, and include lots of tools related to ham radio. All those tasks were done while doing other things, and as such a full-time employee could easily learn what is needed within a one- or two-week time frame. It is so easy, in fact, that clearly the question is not why so many distros, but why you do not have your own special Distro.

updates vs upgrades

Over the past few months of doing these articles, I have had problems explaining to people that they need to do an update followed by an upgrade when using apt-get. It was while doing the XP-to-Linux support that it became clear Windows users were getting confused due to the way Windows handles upgrades and bug fixes. Running the Windows "updater" is a bit like running "synaptic" in that a whole number of steps and actions happen behind the display. The first step that both do is download a current list of packages and their version numbers. In apt-get this is the "update" step. All modern systems keep some list of what is installed, what release or version the software is currently at, and sometimes status - like pending install but not yet installed. In Windows, there is no way to know what the latest release available is, or any details of an update, without going to the M/S site. In Linux (Debian), you download the latest list of packages when you do an update and thus have on your system all the information about what is currently available for your setup. "apt-get update" refreshes that list and makes it current as of when you did the "update".

In Windows, the actual upgrade of installed packages happens when you tell the updater to go, if you're not on automatic. I fear that most users use automatic and thus have no idea what or when upgrades happened. The whole process of keeping your system current was taken away from you, and the same is possible in Linux. However, I personally find that process unacceptable and feel that, at a minimum, users should take responsibility for what is put on their system and how that process works. If there is nothing more you learn about the internals of a Linux distribution, it should be the software installation process. The main concepts are the need to "update" the database of known packages, and then "upgrade" your packages to the most current version, should you feel it is needed. There are times where you might not want to upgrade packages if you know that doing so might break something you have loaded manually.

Linux distributions typically have major and minor numbers that express their release versioning. Major numbers represent the overall package design, while minor numbers represent the collection of upgrades that have been done since the major release. In the case of Debian, their current "wheezy" release is at 7.6, which means they have done 6 minor upgrades to the entire distribution since 7.0 was released almost three years prior. The testing branch "jessie", the basis for Ubuntu and many other releases, is considered 8.0 and at the end of 2014 is in final testing before release. I consider the testing branch too unstable for general usage until it is locked and into the final stages before the general release. If you want to try "jessie", simply edit your "/etc/apt/sources.list" file and replace "wheezy" with "jessie". Then do "sudo apt-get update" followed by "sudo apt-get dist-upgrade".

There are two levels of upgrade, the normal "upgrade" and the "dist-upgrade". When you do either of these commands after an "update" of the database, the tool compares the latest versions with what is on your system, and will select all packages needing upgrading. If you are at 7.4 and do "upgrade", you will only upgrade those packages that have changed in 7.4 and nothing more. If you do "dist-upgrade", your whole system will be brought up to date with the latest versions and system changes of the current release state, namely 7.6. A dist-upgrade may remove and add packages to meet the latest release status. You can also specify a given package for upgrading by doing an "install" of just that package.
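The sources.list edit described above (replace "wheezy" with "jessie", then update and dist-upgrade) is easy to get slightly wrong with a blind search-and-replace, since the mirror URL and commented-out lines would be touched too. The script below is an added example, not the article's own code or Debian's: it rewrites only the suite field of active deb/deb-src lines, keeps a backup, and lists what the file points at afterwards. The sample sources.list is constructed, and "example.invalid" stands in for a real mirror.

```shell
#!/bin/sh
# Added example, not from the original article: switch the suite named in
# a sources.list file while keeping a backup, then list the suites the
# file now points at.
# Real use:  sudo sh switch_suite.sh /etc/apt/sources.list wheezy jessie
# followed by "sudo apt-get update" and "sudo apt-get dist-upgrade".

# Constructed sample sources.list; example.invalid is a placeholder mirror.
SAMPLE_SOURCES='# constructed sample, not a real mirror list
deb http://example.invalid/debian wheezy main contrib
deb-src http://example.invalid/debian wheezy main
deb http://example.invalid/debian-security wheezy/updates main
deb http://example.invalid/debian wheezy-updates main
# deb http://example.invalid/debian wheezy-backports main'

# sample_sources: write the sample to a temporary file and print its path.
sample_sources() {
    f=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_SOURCES" > "$f"
    echo "$f"
}

# list_suites FILE: one suite per line; comments and blank lines ignored.
# The suite is normally field 3; it is field 4 when an option block such
# as "[arch=amd64]" follows the deb keyword (assumes no spaces inside it).
list_suites() {
    awk '($1 == "deb" || $1 == "deb-src") {
             i = ($2 ~ /^\[/) ? 4 : 3
             if (NF >= i) print $i
         }' "$1" | sort -u
}

# switch_suite FILE FROM TO: copy FILE to FILE.bak, then rewrite only the
# suite field of active deb/deb-src lines whose suite starts with FROM, so
# "wheezy", "wheezy-updates" and "wheezy/updates" all move together while
# mirror URLs and commented-out lines are left untouched.
switch_suite() {
    file="$1"; from="$2"; to="$3"
    cp -p "$file" "$file.bak" || return 1
    awk -v from="$from" -v to="$to" '
        ($1 == "deb" || $1 == "deb-src") {
            i = ($2 ~ /^\[/) ? 4 : 3
            if (NF >= i && index($i, from) == 1)
                $i = to substr($i, length(from) + 1)
        }
        { print }' "$file.bak" > "$file"
}
```

After the switch, "sudo apt-get update" followed by "sudo apt-get -s dist-upgrade" (the -s flag only simulates) shows what the real dist-upgrade would install, remove and replace before you commit to it.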

One of the reasons to do "update" is simply to keep your copy of the Distribution's latest status up to date. This allows you to do a "search" and "show" of package information. To find out if a certain package or type of operation is available you would do "sudo apt-cache search browser" to get a list of "browsers" available for loading. In the list should be "midori", and to know more about that package you would do "sudo apt-cache show midori", and it will print on the screen a number of facts related to it. Synaptic does all this behind a GUI, but in some cases it doesn't show you all the actual data. Therefore I feel it helps if you do know some of what is going on behind the "GUI".

Troubleshooting

Normally people will use Linux and have no problems other than some confusion over this or that command option. For command options, simply do a "man" of the command and read through the options. The built-in manual is called "man" and will usually give you more information than you ever wanted to know. Another common problem can be running out of disk space. Unix/Linux systems are writing to and reading from the file system all the time and as such must have free space to work. Generally speaking you should never let the Use% space go over 90% without freeing up more space. Should it happen that you hit 100%, simply remove files until you're back under 90%. Should you by chance re-boot before you can remove data, you may find it necessary to boot using some live Distro and "mount" the drive in order to remove files. You will need to do all that as "root" on the live system - possibly using "sudo". Don't forget that you can usually hit ctl-alt-f1 and drop out of the X Window session and into a terminal session. Log in to that as root and remove files until it drops back below 90% used. ctl-alt-f7 normally will return you to the desktop, but on some systems it is ctl-alt-f8, or alt-f8, and even an alt-left-arrow may work. Search the internet using your distro's name and "help with terminal mode" to find out more.
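The 90% rule above is easy to turn into a check you can run from a terminal session or a cron job. The following is an added example, not the article's own code: it parses "df -P" output (the POSIX format, one filesystem per line) and reports anything at or above a threshold, and adds a helper to find the biggest directories to clean out first. The df output embedded in it is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original article: check the 90% Use% rule
# against "df -P" output and find the biggest things to delete.
# Real use:  check_live   and   largest_entries /var 10

# Constructed sample, standing in for a real "df -P" run. The -P (POSIX)
# format keeps each filesystem on one line, which makes it safe to parse.
SAMPLE_DF='Filesystem     1024-blocks     Used Available Capacity Mounted on
/dev/sda1         20511356 19312700    150656      99% /
tmpfs               508576        0    508576       0% /dev/shm
/dev/sdb1        102400000 60000000  42400000      59% /home
/dev/sdc1         51200000 46600000   4600000      91% /var'

# full_filesystems [THRESHOLD]: read df -P output on stdin and print
# "Use% mountpoint" for every filesystem at or above THRESHOLD (default 90),
# skipping the header line. Returns 0 if anything was printed, 1 otherwise,
# so it can drive an "if". Mount points containing spaces are not handled.
full_filesystems() {
    awk -v t="${1:-90}" '
        NR > 1 {
            pct = $5; sub(/%/, "", pct)
            if (pct + 0 >= t + 0) { found = 1; print $5, $6 }
        }
        END { exit found ? 0 : 1 }'
}

# check_sample: run the check against the constructed output above.
check_sample() {
    printf '%s\n' "$SAMPLE_DF" | full_filesystems 90
}

# check_live: the same check against the running system.
check_live() {
    if df -P | full_filesystems 90; then
        echo "free some space before these reach 100%"
    else
        echo "all filesystems under 90%"
    fi
}

# largest_entries DIR [N]: the N biggest files and directories under DIR,
# in kilobytes, to decide what to remove first (du -k is portable across
# Linux and the BSDs; human-readable sizes do not sort reliably).
largest_entries() {
    du -ak "$1" 2>/dev/null | sort -rn | head -n "${2:-10}"
}
```

On the constructed sample, check_sample prints "99% /" and "91% /var" and nothing for /home or tmpfs; the root filesystem at 99% is the one the article warns about, since the system itself needs that space to keep logging and running.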

One reason to know some command line options is in troubleshooting. At one time there was one screen saver that, when it was running, would not unlock the screen. When that happened, I would remotely log in using ssh and kill the screen saving process. You can sometimes remotely log in after running out of space and remove files - it might be slow but it does work. Sometimes when you're out of space, hitting "ctl-c" will stop the login from trying to create log files and thus allow a login to happen. There are some commands it helps to know when things go wrong - just do a "man command" of the command you want to know about. Here is my list of possible commands that might help while troubleshooting: ls, dpkg, df, apt-get, apt-cache, mount, umount, halt, reboot, sudo, dmesg, tail, head, kill, ssh, sftp, ps, cat, grub, update-grub, ping, and some file locations that you might want to investigate: /etc/apt/sources.list, /etc/network/interfaces, /etc/fstab, /etc/mtab, /etc/inittab, /proc/partitions, /proc/cpuinfo, /proc/meminfo. It is important to know about log files and where they are located when troubleshooting. You generally need to check the files as root and thus use this command to see the latest system log file: "sudo more /var/log/syslog", or to just see the last 40 lines try "sudo tail -40 /var/log/syslog". You might want to check the /var/log/auth.log file to see if someone is trying to break into your system. If you think something happened during startup, there is the dmesg log that is generated by the kernel during boot and updated as the system is running. Say you want to know which "eth" or Ethernet device is in use; try "dmesg | grep -i eth". Plugged in a USB device and want to know what the kernel just did? Then try "dmesg | tail -20". There are hundreds more examples, troubleshooting tips, and explanations of commands on the internet.

Last comments

It is important to come away from this article understanding many minor things about what we call a Linux Distro. It helps to know it is modular and that the kernel, the Linux kernel in this case, is but the core program around which hundreds of Unix-like or Unix-based applications, tools, and programs run. It is this whole set of tools that together make what is incorrectly called Linux. It should be a GNU/Linux/Unix-like system and not just Linux, but then the PC or personal computer was neither the first personal computer nor a real computer at all. What systems or products are called is rarely what they truly are, yet most people grasp what they actually are, and this is what I hope you come away from here knowing: that a Linux Distro is composed of a kernel and lots of Unix-based programs and tools, which turn a user's computer into a mini-mainframe. Enjoy a real OS.

Security - 10/2014

I have added this new topic since so much has happened with Linux and security in the last few months. I find it typical that as soon as I make some statement, something happens to make it all come out wrong. Now you might be saying that I was wrong in talking about how Linux uses Unix tools and as such shouldn't have any problems; after all, Unix is about 40 years old. Thinking about that now, after two major bugs have been found in Linux tools, what an ill-timed idea that was. However, I still feel that by and large Linux is more stable, has better security, and is generally problem-free compared to the other options available. Why so, after so much negative news? It may have some new code, but the overall design is based on Unix and as such has been pretty stable for near 40 years.

This recent run of bad coding is nothing new from a programmer's viewpoint - all code has bugs; that is just part of the way it works. The thing to keep in mind is that a new push is now in the works to review all the code used in Linux to make sure there are no more hidden problems. There always have been people looking over the code for problems, but it has been some time for a lot of the normal - not changed in years - programs that everyone assumes are fine. As we have learned from these problems, there are groups of people out there trying to find doors into Linux every day; in fact I saw the results of this yesterday on this very server. Let me explain and show you how I stopped their attacks.

Unix/Linux uses a number of tools and processes for controlling who is granted access to the system and how. Through a combination of settings and use of these tools, we can make your system open to all or closed to all but a few people. The default settings for these tools have changed over the years and can change with updates/upgrades to the system. I think my settings got changed with the last upgrade and thus allowed attempts to gain access by the Chinese. You can check your own system by simply looking at "/var/log/auth.log". Here is what I saw:

> sudo tail -20 /var/log/auth.log
Oct  9 23:21:11 li231-110 sshd[24502]: Failed password for root from 219.138.135.57 port 13347 ssh2
Oct  9 23:21:15 li231-110 sshd[24502]: Failed password for root from 219.138.135.57 port 13347 ssh2
Oct  9 23:21:21 li231-110 sshd[24502]: Failed password for root from 219.138.135.57 port 13347 ssh2
Oct  9 23:21:21 li231-110 sshd[24502]: Disconnecting: Too many authentication failures for root [preauth]
Oct  9 23:21:21 li231-110 sshd[24502]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.138.135.57  user=root
Oct  9 23:21:21 li231-110 sshd[24502]: PAM service(sshd) ignoring max retries; 6 > 3
Oct  9 23:21:53 li231-110 sshd[24522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.138.135.57  user=root
Oct  9 23:21:55 li231-110 sshd[24522]: Failed password for root from 219.138.135.57 port 15209 ssh2
Oct  9 23:21:58 li231-110 sshd[24522]: Failed password for root from 219.138.135.57 port 15209 ssh2
Oct  9 23:22:02 li231-110 sshd[24522]: Failed password for root from 219.138.135.57 port 15209 ssh2
Oct  9 23:22:06 li231-110 sshd[24522]: Failed password for root from 219.138.135.57 port 15209 ssh2
Oct  9 23:22:09 li231-110 sshd[24522]: Failed password for root from 219.138.135.57 port 15209 ssh2
Oct  9 23:22:16 li231-110 sshd[24522]: Failed password for root from 219.138.135.57 port 15209 ssh2
Oct  9 23:22:16 li231-110 sshd[24522]: Disconnecting: Too many authentication failures for root [preauth]
As you can see someone from "219.138.135.57" was trying to crack my root password. A simple "whois" will give us some idea who might be trying to crack me.
> whois 219.138.135.57
% [whois.apnic.net]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

% Information related to '219.138.0.0 - 219.140.255.255'

inetnum:        219.138.0.0 - 219.140.255.255
netname:        CHINANET-HB
descr:          CHINANET hubei province network
descr:          China Telecom
descr:          A12,Xin-Jie-Kou-Wai Street
descr:          Beijing 100088
country:        CN
admin-c:        CH93-AP
tech-c:         CHA1-AP
mnt-by:         MAINT-CHINANET
mnt-lower:      MAINT-CN-CHINANET-HB
changed:        hostmaster@ns.chinanet.cn.net 20020521
status:         ALLOCATED NON-PORTABLE
source:         APNIC

role:           CHINANET HB ADMIN
address:        8th floor of JinGuang Building
address:        #232 of Macao Road
address:        HanKou Wuhan Hubei Province
address:        P.R.China
country:        CN
phone:          +86 27 82862199
fax-no:         +86 27 82861499
e-mail:         hbadd@189.cn
remarks:        send spam reports to hbadd@189.cn
remarks:        and abuse reports to hbadd@189.cn
remarks:        Please include detailed information and
remarks:        times in GMT+8
admin-c:        YZ83-AP
admin-c:        ZC77-AP
tech-c:         YZ83-AP
tech-c:         ZC77-AP
nic-hdl:        CHA1-AP
notify:         hbadd@189.cn
mnt-by:         MAINT-CN-CHINANET-HB
changed:        zhangyl68@public.wh.hb.cn 20031114
changed:        hm-changed@apnic.net 20111114
changed:        zhengzm@gsta.com  20130806
source:         APNIC

person:         Chinanet Hostmaster
nic-hdl:        CH93-AP
e-mail:         anti-spam@ns.chinanet.cn.net
address:        No.31 ,jingrong street,beijing
address:        100032
phone:          +86-10-58501724
fax-no:         +86-10-58501724
country:        CN
changed:        dingsy@cndata.com 20070416
changed:        zhengzm@gsta.com 20140227
mnt-by:         MAINT-CHINANET
source:         APNIC

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (WHOIS3)

We can see from this line "% Information related to '219.138.0.0 - 219.140.255.255'" that it is not just one IP but hundreds of possible places in China that could be trying to crack the password. Another way to see what is being tried is to do a "grep" on the log for "failed" or "Invalid":
> sudo grep Invalid /var/log/auth.log
Oct  9 17:19:31 li231-110 sshd[20450]: Invalid user virus from 119.97.146.76
Oct  9 17:21:33 li231-110 sshd[20490]: Invalid user windows from 119.97.146.76
Oct  9 17:25:38 li231-110 sshd[20523]: Invalid user dummy from 119.97.146.76
Oct  9 17:27:40 li231-110 sshd[20535]: Invalid user appserver from 119.97.146.76
Oct  9 17:29:42 li231-110 sshd[20551]: Invalid user zope from 119.97.146.76
Oct  9 17:31:46 li231-110 sshd[20589]: Invalid user vnc from 119.97.146.76
Oct  9 17:33:46 li231-110 sshd[20605]: Invalid user cyrus from 119.97.146.76
Oct  9 17:35:48 li231-110 sshd[20624]: Invalid user ovh from 119.97.146.76
Oct  9 17:37:50 li231-110 sshd[20640]: Invalid user estrella from 119.97.146.76
Oct  9 17:43:56 li231-110 sshd[20710]: Invalid user git from 119.97.146.76
Oct  9 17:45:58 li231-110 sshd[20733]: Invalid user fr from 119.97.146.76
Oct  9 17:50:00 li231-110 sshd[20775]: Invalid user deploy from 119.97.146.76
Oct  9 17:52:02 li231-110 sshd[20813]: Invalid user deploy from 119.97.146.76
Oct  9 17:54:03 li231-110 sshd[20827]: Invalid user testuser from 119.97.146.76
Oct  9 18:02:09 li231-110 sshd[20916]: Invalid user azure from 119.97.146.76
Oct  9 18:04:10 li231-110 sshd[20932]: Invalid user r00t from 119.97.146.76
Oct  9 18:18:13 li231-110 sshd[21009]: Invalid user oracle from 119.97.146.76
Oct  9 18:20:12 li231-110 sshd[21035]: Invalid user test from 119.97.146.76
Oct  9 18:22:13 li231-110 sshd[21037]: Invalid user tomcat from 119.97.146.76
Oct  9 18:32:08 li231-110 sshd[21070]: Invalid user nagios from 119.97.146.76
Oct  9 18:34:07 li231-110 sshd[21072]: Invalid user postgres from 119.97.146.76
Oct  9 18:36:06 li231-110 sshd[21077]: Invalid user oracle from 119.97.146.76
....

> sudo grep -i failed /var/log/auth.log
Oct  9 23:20:46 li231-110 sshd[24472]: Failed password for root from 219.138.135.57 port 63858 ssh2
Oct  9 23:21:04 li231-110 sshd[24502]: Failed password for root from 219.138.135.57 port 13347 ssh2
Oct  9 23:21:55 li231-110 sshd[24522]: Failed password for root from 219.138.135.57 port 15209 ssh2
Oct  9 23:23:06 li231-110 sshd[24526]: Failed password for root from 219.138.135.57 port 18156 ssh2
Oct  9 23:23:41 li231-110 sshd[24535]: Failed password for root from 219.138.135.57 port 21296 ssh2
Oct  9 23:24:19 li231-110 sshd[24539]: Failed password for root from 219.138.135.57 port 22720 ssh2

> grep -i failed /var/log/auth.log | wc -l
40404

> sudo grep Invalid /var/log/auth.log | wc -l
2045

> sudo grep "Accepted password" /var/log/auth.log
>

As you can see from the last few entries, this log had 2045 "Invalid" attempts and 40404 "root" attempts. An older log has similar entries, showing that this attack had been ongoing for some time. So what did I do wrong to allow this? Actually nothing - I accepted the default setup settings and assumed they were correct - which they were not. How can I tell they are not correct? By seeing "root" attempts. Most systems will have the ssh daemon not accept root login. It is very bad, security-wise, to allow any "root" login. You are supposed to have users log in using their own user name and password, then "su" to root. For some reason, the "PermitRootLogin" option in /etc/ssh/sshd_config was set to "yes", and changing it to "no" will cause all further root attempts to be "refused". The last grep was to see if anyone successfully logged in using a password. Since I log in using a "publickey" and the grep returned nothing, it means no one broke my password.
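The three greps above (Invalid, failed, Accepted password) can be done in a single pass that also tells you where the attempts came from, which is the first thing you want before deciding what to block. The script below is an added example, not the article's own code; the log lines embedded in it are constructed to match the auth.log format shown above, using documentation addresses (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24) rather than any real source, and the host name "host" is a placeholder.

```shell
#!/bin/sh
# Added example, not from the original article: summarise sshd brute-force
# activity in an auth.log in one awk pass, giving the same counts as the
# article's "grep | wc -l" commands plus the source addresses behind them.
# Real use:  sudo sh ssh_summary.sh /var/log/auth.log   (see run_summary)

# Constructed sample lines modelled on the article's log format; the
# addresses are from the documentation ranges, not real sources.
SAMPLE_LOG='Oct  9 17:19:31 host sshd[20450]: Invalid user virus from 192.0.2.10
Oct  9 17:21:33 host sshd[20490]: Invalid user deploy from 192.0.2.10
Oct  9 23:20:46 host sshd[24472]: Failed password for root from 198.51.100.7 port 63858 ssh2
Oct  9 23:21:04 host sshd[24502]: Failed password for root from 198.51.100.7 port 13347 ssh2
Oct  9 23:21:55 host sshd[24522]: Failed password for root from 198.51.100.7 port 15209 ssh2
Oct  9 23:23:06 host sshd[24526]: Failed password for root from 198.51.100.7 port 18156 ssh2
Oct  9 23:22:02 host sshd[24530]: Failed password for invalid user deploy from 192.0.2.10 port 4011 ssh2
Oct  9 23:25:00 host sshd[24600]: Accepted publickey for bill from 203.0.113.5 port 51000 ssh2
Oct 10 01:02:03 host sudo:     bill : TTY=pts/0 ; PWD=/home/bill ; USER=root ; COMMAND=/usr/bin/tail /var/log/auth.log'

# sample_file: write the sample to a temporary file and print its path.
sample_file() {
    f=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_LOG" > "$f"
    echo "$f"
}

# ssh_summary FILE: one "counter value" line per category. Only sshd lines
# are examined, so sudo and cron entries in the same log do not count.
ssh_summary() {
    awk '
        /sshd\[[0-9]+\]: Failed password for root from/ { root++ }
        /sshd\[[0-9]+\]: Failed password for/           { failed++ }
        /sshd\[[0-9]+\]: Invalid user/                  { invalid++ }
        /sshd\[[0-9]+\]: Accepted password for/         { acc_pw++ }
        /sshd\[[0-9]+\]: Accepted publickey for/        { acc_key++ }
        END {
            printf "failed_password %d\n", failed
            printf "failed_root %d\n", root
            printf "invalid_user %d\n", invalid
            printf "accepted_password %d\n", acc_pw
            printf "accepted_publickey %d\n", acc_key
        }' "$1"
}

# summary_value FILE COUNTER: a single counter from ssh_summary.
summary_value() {
    ssh_summary "$1" | awk -v k="$2" '$1 == k { print $2 }'
}

# top_sources FILE [N]: the N addresses with the most failed or invalid
# attempts, "count address" per line, busiest first. The address is the
# word after "from" on each line.
top_sources() {
    awk '/sshd\[[0-9]+\]: (Failed password|Invalid user)/ {
             for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i + 1)]++; break }
         }
         END { for (a in n) print n[a], a }' "$1" | sort -rn | head -n "${2:-10}"
}

# run_summary FILE: what you would run against the real log.
run_summary() {
    ssh_summary "$1"
    echo "top sources:"
    top_sources "$1" 5
}
```

The accepted_password counter is the one to watch: as the article says, if you only ever log in with a key it should stay at zero, and any non-zero value from an address you do not recognise means the password was guessed. top_sources gives you the addresses to look up with "whois" and to put in hosts.deny or the firewall.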

The next problem to fix is all the attempts to log in as some user. You can see system "119.97.146.76" running through a list of possible users and their typical passwords. A "whois" on that IP showed the same information as the other "whois", just a different range of IP addresses. So we need to change who is allowed and who is not allowed to connect. Unix/Linux provides just such files in "/etc": they are "hosts.allow" and "hosts.deny", which had not been set up at all and usually are empty by default - you must edit them yourself. If you're behind a firewall and do not allow "ssh" or "port 22" access, setting these up is not needed - the firewall will keep people from trying to log in. However, if you have remote users or do ssh logins for updating your remote server, you need to set up the "allow" and "deny" files with your IP or the users allowed entry. Here is what is in my files:

> cat /etc/hosts.*
# /etc/hosts.allow: list of hosts that are allowed to access the system.
#                   See the manual pages hosts_access(5) and hosts_options(5).
#
sshd: 215.107.252.197
ALL: 215.107.252.197

# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
#                  See the manual pages hosts_access(5) and hosts_options(5).
#
# You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID
sshd: ALL : deny
ALL: PARANOID

You will need to restart the "sshd" or ssh service for the changes to take effect. From my Unix days, I like to use "kill -HUP $PID" to restart things - a bit old fashioned but sure to work. You need to do "ps -ef | grep sshd" to get the $PID and then run the command using the found PID. At this point, go back and see what is going into the auth log; it should only be your "sudo" commands and any cron jobs run as root. If you have a complex setup or special programs needing access, consult the man pages or search the web for more help - there is plenty of help out there on this topic of keeping your system secure.
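Before and after the restart it is worth checking what sshd and tcp_wrappers will actually do, rather than assuming. The script below is an added example, not the article's own code or OpenSSH's: permit_root_login reads the effective PermitRootLogin value the way sshd does (first uncommented occurrence wins, keywords are case-insensitive), and wrap_decision emulates the hosts.allow / hosts.deny lookup in hosts_access(5) for one daemon and one client address. The sample files mirror the article's setup with the placeholder address 192.0.2.1 in place of the administrator's real IP.

```shell
#!/bin/sh
# Added example, not from the original article: audit the two settings the
# article changes (PermitRootLogin in sshd_config, and the tcp_wrappers rules
# in hosts.allow / hosts.deny) without editing anything. Real use, as root:
#   permit_root_login /etc/ssh/sshd_config
#   wrap_decision sshd 203.0.113.9 /etc/hosts.allow /etc/hosts.deny

# permit_root_login FILE: print the effective PermitRootLogin value.
# sshd takes the FIRST uncommented occurrence of a keyword (keywords are
# case-insensitive, "keyword value" or "keyword=value"); lines inside a
# "Match" block are conditional and are skipped here. Prints "unset" when
# the file is silent, in which case the compiled-in default applies and
# "sshd -T" will show it.
permit_root_login() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        index($1, "=")                   { sub(/=/, " ") }
        tolower($1) == "match"           { in_match = 1; next }
        in_match                         { next }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }' "$1"
}

# wrap_decision DAEMON CLIENT_IP ALLOW_FILE DENY_FILE: emulate libwrap.
# The first matching rule in hosts.allow grants access; otherwise the first
# matching rule in hosts.deny refuses it; otherwise access is granted.
# A third field "deny" or "allow" overrides the verdict of the file it sits
# in (hosts_options(5)). Client patterns handled: ALL, an exact IPv4 address
# and a prefix such as "192.0.2." (trailing dot). PARANOID needs a reverse
# DNS lookup, so it is treated as not matching; IPv6 is not handled.
wrap_decision() {
    for pair in "allow:$3" "deny:$4"; do
        verdict=${pair%%:*}; file=${pair#*:}
        [ -r "$file" ] || continue
        result=$(awk -v d="$1" -v c="$2" -v verdict="$verdict" '
            function trim(s) { sub(/^[[:space:]]+/, "", s); sub(/[[:space:]]+$/, "", s); return s }
            function matches(list, name, is_client,    n, p, i, t) {
                n = split(list, p, /[[:space:],]+/)
                for (i = 1; i <= n; i++) {
                    t = p[i]
                    if (t == "") continue
                    if (t == "ALL" || t == name) return 1
                    if (is_client && t ~ /\.$/ && index(name, t) == 1) return 1
                }
                return 0
            }
            /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
            {
                n = split($0, f, ":")
                if (n < 2) next
                if (!matches(trim(f[1]), d, 0) || !matches(trim(f[2]), c, 1)) next
                opt = (n >= 3) ? trim(f[3]) : ""
                if (opt == "deny" || opt == "allow") print opt; else print verdict
                exit
            }' "$file")
        if [ -n "$result" ]; then echo "$result"; return; fi
    done
    echo allow
}

# Constructed sample files mirroring the article's setup; 192.0.2.1 stands
# in for the one administrator address that is allowed in.
sample_config() { f=$(mktemp); printf '%s\n' "$@" > "$f"; echo "$f"; }
sample_allow()  { sample_config '# allow list' 'sshd: 192.0.2.1' 'ALL: 192.0.2.1'; }
sample_deny()   { sample_config '# deny list' 'sshd: ALL : deny' 'ALL: PARANOID'; }
```

Two things the emulation makes visible. First, "ALL: PARANOID" in hosts.deny only refuses clients whose forward and reverse DNS disagree, so in the article's files it is the "sshd: ALL : deny" line that actually closes sshd to everyone else; a service other than sshd is still reachable from any address. Second, hosts.allow and hosts.deny are consulted on every connection, so they take effect at once, while the sshd_config change needs the restart or HUP described above. Whether your sshd consults these files at all depends on how it was built: upstream OpenSSH dropped tcp_wrappers support in 6.7, and "ldd $(command -v sshd) | grep libwrap" shows whether your build still links against it; if it does not, put the same allow list in the firewall or use sshd's own AllowUsers / Match Address directives instead.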

What is important to come away from this discussion with is that your system is only as secure as you make it. You can see that I have a good password, as it was not broken by over 40,000 attempts. Is your password that secure? Do you need to allow other users to log in, and if so, are they in the hosts.allow file with all others "denied"? Please check your system and review some of the logs to make sure, as we don't want the Chinese getting access to your system and maybe through it access to somewhere else.

Links

The Debian "all about Linux" starting point
Web site that rates and reviews distributions of all types.
Puppy Linux, great for very old hardware, runs from RAM only.
RoboLinux - designed for XP users with special XP VM software.
Download The Robolinux Virtual Machine "VM" Software for Ubuntu.
Zorin - a beginner friendly i386 distro..
OpenSUSE distro, has live and special versions, their YAST setup tools are terrific.
Get Virtual Box from here for Windows XP and later, MacOS, and Linux.
Live example of XFCE i386 400MB image - with install.
List of sections in "wheezy" repositories.
Debian's Live CD WIKI page - great place to start!
Debian Live systems main page - docs and image builder.
Debian Live-build manual page - all you need to know about live images!


Kibler Electronics, PO Box 535, Lincoln, CA 95648-0535, USA.
Email: bill@kiblerelectronics.com
Copyright © 2014, Kibler Electronics
Written in Aug-2014 by Bill Kibler